Just to be clear: this is not the shopping list of top stocks. That’s on the way! This is an overview of the cybersecurity industry and cybersecurity growth stocks.
RSA is a popular cybersecurity conference with around 45,000 attendees. It’s a good source of information on public companies who overlap between data, cloud and security. This particular conference has quite a few executives attend compared to other cybersecurity conferences, where developers or hackers attend.
Here is a sample list of companies that were at RSA:
Akamai, Crowdstrike, LogMeIn, Equinox, Elastic, Fortinet, Mimecast, Palo Alto Networks, FireEye, OpenSSL Software Foundation, SWIFT, Tenable, Checkpoint Software, Juniper Networks, Zscaler, Okta, Microsoft, Arista Networks, Box, CyberArk, Cyberbit, F5 Networks, Oracle, Secureworks, Splunk, VMWare
I met with quite a few of these companies and want to give my premium subscribers any intel that I found this week.
This is in no particular order …
1. Cybersecurity is crowded; platform consolidation will occur …
You won’t see me recommend a cybersecurity company very often under premium analysis due to vendor saturation. I’ve been to RSA and BlackHat on and off for the past few years (since 2015) and there are so many companies that it’s nearly nauseating.
Here’s a snapshot of the cybersecurity vendor landscape from 2018:

For instance, you may have noticed that I haven’t talked much about Zscaler or Crowdstrike. This is because cybersecurity is very vendor-heavy. If you do invest in a cybersecurity company, then rely on Gartner’s Magic Quadrant to help sift through the various products. Gartner does a particularly good job with cybersecurity. Okta, for instance, is a clear leader according to Gartner.
I’m especially wary of newly public security companies because they seem to have really strong numbers coming out the gate that are hard to sustain due to the competitive landscape. This is because of the crowded market; the supply is overwhelming the demand.
In fact, I wrote a piece about Crowdstrike’s valuation compared to its addressable market around the time of its IPO.
An investment strategy for cybersecurity should be one of the two:
a) The company is a neutral player between Microsoft, Amazon, Google, Oracle and IBM. As multi-cloud continues to grow in popularity, and also hybrid cloud, the very best neutral player in each category should do well. This is because companies will want to avoid vendor lock-in with Microsoft, Amazon and Google. One tactic is to use a vendor who works seamlessly across all of the major cloud players.
b) Look for dominate platforms who own the data, endpoints, or servers, etcetera. Expect to see platform consolidation, which is when companies who own the data or servers acquire smaller specialist vendors.
As with many tech industry verticals, the best moat comes from having the most data. As you can see from the landscape, it is much easier for a dominate tech player to acquire a cybersecurity vendor than for a small vendor to acquire data or endpoints. We saw this with VMWare and Carbon Black last year.
Putting on the Watch List
Of the companies I met with, I think the following companies are interesting for future positions:
OKTA:
Per the first requirement above, Okta is the industry-leading neutral player for identity access management. They work seamlessly across the giant cloud competitors. Okta rates high on the product side by Gartner and in conversations with cybersecurity professionals.
My favorite catalyst for Okta is the blockchain. I believe this company will soar once blockchain is widely adopted. I will absolutely want to have a position before blockchain takes off and Okta may be one of my biggest blockchain positions.
(Remember that blockchain can assist centralized currency transactions and will overhaul the fees and costs associated with finance while lessening the burden on financial institutions to fight fraud. Do not think of blockchain only as crypto. Even governments will use centralized blockchain).
However, I’ve been less than enthusiastic about Okta in the past because I believe the company “is fundamentally weaker” than financial analysts believed when the valuation was incredibly high compared to its peers (I wrote about this in September).
The operating costs steepened as the company lowered EPS guidance from losses of $0.22 per share to losses of $0.45 to $0.49. Most importantly, the company has high sales and marketing costs at about 66% of revenue (they reached 85% of revenue in the quarter ending April 2019).
That shows the tough battle they fight in the competitive cybersecurity field. At the time, I said that Okta would need to continue to spend heavily on S&GA or R&D to maintain its leadership position. Subsequently, the company is expected to report more losses this year.
Increasing losses is not necessarily a reason to not invest. To me, it shows the battle Okta fights in basic supply and demand despite being the best IAM product on the market. Like I said, the real catalyst will be blockchain.
Takeaway: I’d like to get a good entry on Okta and hold the stock for identity access on blockchain. We will publish a PDF if/when we initiate and Knox will update on an entry.
SPLUNK:
Splunk and Elastic overlap on some customers (Elastic is more search but they do overlap). I initiated coverage on Elastic and recommended a position because one of my favorite setups is a small company eating market share as a unique pureplay with few competitors.
Although Splunk may not be as agile as Elastic right now, there are some important merits to the company’s position. The first thing to note is Splunk’s ability to successfully pivot and expand the addressable market. The company expanded to include SIEM about two years ago and security now makes up a large portion of the business.
Spunk’s three products are: data platform, analytics and security operations. Splunk fits #2 in the investment criteria due to being a company who has the data. It’s an easy transition for Splunk to expand beyond being a data platform and analytics to also help with security operations as they can offer automation rather than incident response.
Examples of customers for Splunk’s data and security operations include: monitoring for fraud in wire transfers or monitoring for patient record snooping in hospitals. SIEM is complimentary to endpoint security (Crowdstrike), network security and identity access (Okta)
Overall revenue is growing around 30-35% with software revenue growing 40-50% year-over-year. Annual recurring revenue is at 86%. This ARR is actually decent for a company as old as Splunk (founded in 2003; went public 2012) as ARR declines over time.
Takeaway: Splunk may not be the most exciting growth stock but it’s stable and steady. I don’t think there will be any major bullish or bearish surprises on the product level but it is worth keeping on the radar for the reach it has with data and now security operations.
F5 Networks:
The only reason I would recommend F5 Networks is for the potential catalyst of 5G. Otherwise, the company has been posting a slim 2-5% revenue growth year-over-year since 2015.
Regarding 5G, the company recently partnered with Rakuten to eliminate the need for coaxial or fiber cables to offer 5G in homes. Network functions virtualization (NFV) architecture reduces cost of ownership. By combining software and hardware, 5G networks can scale quickly especially in densely populated areas. This framework is also compatible with future edge computing.
AT&T plans to have 75% of their network virtualized by 2020. For F5, smaller global networks are key to growing this area of its business. Security is also baked in as AT&T states, “virtualization could be the most crucial advancement related to 5G security, for both the provider and their enterprise customers.”
Takeaway: There are competitors in NFV but F5 Networks could potentially stand out for their strength in security. Due to F5 Networks lack of growth in other areas, I would need to see more progress here before initiating — but it’s definitely something to keep on the radar as any decrease in infrastructure costs for 5G is bound to be a growth driver.
More info to consider:
SLACK:
Regarding Slack, I’ve mentioned before that we are very early to business messaging and the real use cases are yet to come. The RSA conference helped solidify an even stronger conviction in Slack as security companies discussed integrating Slack as the messaging notification system for monitoring anomalies – i.e. when an anomaly appears, the team will be notified via Slack rather than email as the response is statistically faster. This is already happening with one or two companies.
Although security companies also integrate with Microsoft Teams, it’s worth relaying that in presentations they only mention “Slack.” This is because Slack is more universal and does not force an ecosystem lock-in.
VMware and Carbon Black
I think VMware and Carbon Black may become a serious competitor to Crowdstrike. This is due to VMware having access to millions of machines and having a neutral position across the various cloud infrastructure companies. Although Crowdstrike and Carbon Black are competitive on endpoints (Crowdstrike was beating Carbon Black in the market), VMware is clearly stronger on the server level. This acquisition was completed in October.
CROWDSTRIKE:
Crowdstrike is a top-rated stock on our cloud software spreadsheet for revenue growth, even beating out Zoom Video, Datadog and Slack. The fundamentals rank high right now. With that said, I can’t quite get over the fence with Crowdstrike as a solid long-term play and have to make these tough choices sometimes especially as we have initiated on many others ranked high on revenue.

Source: Cloud Software List Ranked by Revenue Growth